CN107451813B - Payment method, payment device and payment server - Google Patents

Payment method, payment device and payment server Download PDF

Info

Publication number
CN107451813B
CN107451813B CN201610389773.2A CN201610389773A CN107451813B CN 107451813 B CN107451813 B CN 107451813B CN 201610389773 A CN201610389773 A CN 201610389773A CN 107451813 B CN107451813 B CN 107451813B
Authority
CN
China
Prior art keywords
payment
authorization code
code
secure
tee
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610389773.2A
Other languages
Chinese (zh)
Other versions
CN107451813A (en
Inventor
黄洁静
王梓
彭峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Co Ltd
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd filed Critical Huawei Device Co Ltd
Priority to CN201610389773.2A priority Critical patent/CN107451813B/en
Priority to PCT/CN2017/086317 priority patent/WO2017206833A1/en
Publication of CN107451813A publication Critical patent/CN107451813A/en
Application granted granted Critical
Publication of CN107451813B publication Critical patent/CN107451813B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The technical scheme of the invention provides a payment method, payment equipment and a payment server. The payment method comprises the following steps: the payment equipment receives a payment request instruction, acquires a payment security code in the TEE, generates a secure payment authorization code according to the payment security code, and displays the secure payment authorization code in the TUI of the TEE; the payment server obtains the safe payment authorization code, verifies the legality of the safe payment authorization code according to the payment safety code, and carries out payment according to the safe payment authorization code. The technical scheme of the invention can improve the safety of payment.

Description

Payment method, payment device and payment server
Technical Field
The invention relates to the technical field of information, in particular to a payment method, payment equipment and a payment server.
Background
The phenomenon of completing payment by scanning bar codes or two-dimensional codes has become increasingly common in daily life (e.g., consumer locations such as convenience stores, shops, restaurants, etc.).
The method for realizing payment through scanning the bar code or the two-dimensional code mainly comprises the steps that a user provides a payment authorization code containing payment information such as user account information to a merchant in a bar code or two-dimensional code mode through a payment device (such as a mobile phone), the merchant scans the payment authorization code displayed on the payment device of the user through the mobile phone or a special scanning device, then the payment authorization code is sent to a payment system server, and the payment system server executes subsequent payment operation according to the payment authorization code.
The payment authorization code needs to be obtained before the user provides the payment authorization code to the merchant using the payment device. At present, a user can obtain a payment authorization code by using a payment device in two ways, namely an offline way and an online way. If the user uses the payment device to obtain the payment authorization code in an off-line mode, the payment mode can be called off-line payment; if the user uses the payment device to obtain the payment authorization code in an online manner, the payment manner may be referred to as online payment.
If the payment device needs to acquire the payment authorization code in an off-line manner, authorization code calculators are required on both the payment system server and the user's payment device, and the authorization code calculators on the payment system server and the user's payment device are synchronous, that is, the payment information, such as account information, time, timestamp, random number generator, and the like, on which the authorization code calculators on the payment system server and the user's payment device generate the user's payment authorization code are consistent. When the payment device needs to obtain the payment authorization code in an offline manner, when a user interface running in a Rich Execution Environment (REE) of the payment device receives a payment request input by a user (for example, the user clicks a 'payment' option in the user interface), a payment authorization code calculator in the REE is run to generate the payment authorization code, and the payment authorization code is presented under the REE in the form of a bar code or a two-dimensional code on a display device of the payment device.
If the payment device needs to obtain the payment authorization code in an online manner, the user's payment device must be connected to a network. Thus, when the user needs to obtain the payment authorization code, the user inputs a payment request (for example, clicking a "payment" option on the user interface) through the user interface running in the REE of the payment device, the payment device receives the payment request of the user and sends the request to the payment system server, and then the payment system server generates the payment authorization code of the user and sends the code to the payment device of the user through the network. The payment authorization code is received by the user's payment device and presented from the display of the payment device through a user interface operating under the REE.
Although the payment mode simplifies the tedious processes of inputting an account number and the like in the original transaction process by scanning the payment authorization code presented in the form of the bar code or the two-dimensional code, the use experience of the user is improved, and huge potential safety hazards exist in both the off-line payment mode and the on-line payment mode.
In both the offline payment mode and the online payment mode, after receiving the payment authorization code, the payment system server only determines the validity of the payment authorization code, that is, only verifies whether the payment authorization code is correct or not, and whether the payment authorization code is consistent with the payment authorization code generated or sent by the payment system server side, and does not determine whether the source of the payment authorization code is legal or not. When the payment authorization code is determined to be valid, a subsequent payment process is executed, which can cause the payment system server to judge that the payment authorization code is valid when acquiring any one of the following payment authorization codes, and then perform subsequent payment operation, thereby reducing the security of payment: after the malicious application acquires the payment information of the payment authorization code generated by the authorization code calculator, the payment authorization code generated by the authorization code calculator is copied according to the payment information; the malicious application arbitrarily simulates the payment behavior of the user and triggers the payment authorization code generated by the authorization code calculator; after the user triggers generation or receives the payment authorization code, the stolen payment authorization code is maliciously applied, such as the payment authorization code displayed in the form of the two-dimensional code is obtained by screen capture.
Disclosure of Invention
The payment method, the payment equipment and the payment server provided by the invention can improve the security of payment.
In a first aspect, the invention provides a payment method comprising: receiving an instruction to request payment; acquiring a payment security code in a Trusted Execution Environment (TEE); generating a secure payment authorization code in the TEE according to the payment security code, wherein the payment security code is used for verifying the validity of the secure payment authorization code by a payment system server; and displaying the secure payment authorization code in the TUI of the TEE so that the payment server can obtain the secure payment authorization code and pay according to the secure payment authorization code.
In the payment method of the invention, because the secure payment authorization code includes the payment secure code in the TEE, it can be shown that the secure payment authorization code is generated in the TEE, that is, that the secure payment authorization code is legal. After the payment server acquires the secure payment authorization code, the payment server can judge the payment security code in the secure payment authorization code to determine that the secure payment authorization code is from a secure environment and is authentic, and then performs payment, so that payment according to the payment authorization code generated by malicious software imitating legal software can be avoided, and finally, the payment security is provided. On the other hand, because the secure payment authorization code is presented in the TEE of the payment device, and the payment device under the TEE has the screen capture prevention function, malicious software can be prevented from stealing the secure payment authorization code generated in the TEE of the payment device through screen capture and other modes, malicious software can be prevented from triggering the payment device to generate and steal the secure payment authorization code, and finally, the payment security is improved.
In a possible implementation manner, the method further includes obtaining payment information, where the payment information includes at least one of identification information of a payment account, a payment type, a payment method, payment time, a timestamp, and a random number generator; wherein the payment security code is generated based on a device number of a payment device or the identification information; generating, in the TEE, a secure payment authorization code according to the payment security code, including: and generating the safe payment authorization code in the TEE according to the payment safety code and the payment information of the payment account.
In this implementation, the payment information for generating the secure payment authorization code may include various information, so that the payment server may flexibly perform payment according to a requirement. On the other hand, the payment security code generated based on the device number of the payment device or the identification information of the payment account number can more reliably verify the security validity of the secure payment authorization code.
In one possible implementation manner, the obtaining the payment information includes: sending a request message of the payment information to a payment server; and receiving a response message sent by a payment server, wherein the response message comprises the payment information.
In the implementation mode, the payment information is obtained from the payment server immediately when the safe payment authorization code needs to be generated, so that the payment mode can be implemented in an online mode.
In one possible implementation manner, the obtaining the payment information includes: sending a request message of a payment authorization code to a payment server; receiving a response message sent by a payment server, wherein the response message comprises a payment authorization code, and the payment authorization code carries the payment information; wherein the generating the secure payment authorization code according to the payment security code and the payment information in the TEE comprises: generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
In the implementation mode, in an online mode, the payment authorization code is generated according to the payment information, and then the safe payment authorization code is generated, so that on one hand, the method for generating the payment authorization code in the prior art can be used, the utilization rate of the method for generating the payment authorization code in the prior art is improved, and on the other hand, the complexity of generating the safe payment authorization code according to the payment security code can be reduced.
In one possible implementation, the payment information is already stored in the payment device prior to receiving the instruction.
In the implementation mode, the payment information is pre-stored in the payment device, so that the safe payment authorization code can be generated without acquiring the payment information from the payment server when the safe payment authorization code is generated, and offline payment can be realized.
In one possible implementation manner, the generating, in the TEE, the secure payment authorization code according to the payment security code and the payment information includes: generating a payment authorization code according to the payment information; generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
In the implementation mode, in an off-line payment mode, the payment authorization code is generated according to the payment information, and then the safe payment authorization code is generated, so that on one hand, the method for generating the payment authorization code in the prior art can be used, the utilization rate of the method for generating the payment authorization code in the prior art is improved, and on the other hand, the complexity of generating the safe payment authorization code according to the payment security code can be reduced.
In one possible implementation manner, the generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code includes: calculating a hash value of the payment security code and the payment authorization code in the TEE, the hash value being the secure payment authorization code.
In the implementation mode, the safe payment authorization code represented by the hash value is irreversible, so that the situation that malicious software acquires the payment safety code from the safe payment authorization code after intercepting the safe payment authorization code can be avoided, and the payment safety is improved.
In one possible implementation, the displaying the secure payment authorization code in the TEE includes: and displaying the secure payment authorization code in the TEE in a two-dimensional code or bar code mode.
In the implementation mode, the safe payment authorization code is displayed in the modes of the two-dimensional code or the bar code and the like, so that the convenience of other equipment for obtaining the safe payment authorization code can be improved.
In a second aspect, the present invention provides a payment method, comprising: receiving a secure payment authorization code, the secure payment authorization code including a payment security code; verifying the validity of the secure payment authorization code according to the payment security code; and paying according to the safe payment authorization code.
In the payment method, after the payment server receives the secure payment authorization code, whether the secure payment authorization code is from the TEE (trusted execution environment), namely whether the secure payment authorization code is secure or legal, needs to be determined through the payment secure code, and then payment is performed, so that the payment security is improved.
In one possible implementation manner, the secure payment authorization code further includes payment information, the payment information includes at least one of identification information of a payment account, a payment type, a payment method, a payment time, a timestamp, and a random number generator, and the payment security code is generated based on a device number of a payment device or the identification information; the payment method further comprises the following steps: obtaining the payment information in the secure payment authorization code; wherein said making payment according to said secure payment authorization code comprises: and carrying out payment according to the payment information.
In this implementation, the payment information in the secure payment authorization code may include various information, so that the payment server may flexibly perform payment according to a requirement. On the other hand, the payment security code generated based on the device number of the payment device or the identification information of the payment account number can more reliably verify the security validity of the payment authorization code.
In a possible implementation manner, the obtaining payment information in the secure payment authorization code includes: acquiring a first payment authorization code in the secure payment authorization codes; obtaining the payment information from the first payment authorization code.
In the implementation mode, the payment authorization code is obtained from the safe payment authorization code, and then the payment information is obtained from the payment authorization code, so that the method for obtaining the payment information according to the payment authorization code in the prior art can be used, the utilization rate of the method for obtaining the payment information in the prior art is improved, and on the other hand, the complexity of obtaining the payment safety code according to the safe payment authorization code can be reduced.
In one possible implementation, the payment method further includes: receiving a payment authorization code request message, wherein the payment authorization code request message is sent by payment equipment after receiving a payment request instruction; sending a response message to the payment device, wherein the response message carries the first payment authorization code; the secure payment authorization code is generated by the payment device in the TEE according to the first payment authorization code and a payment security code in the TEE.
In the implementation manner, after receiving the payment authorization code request message sent by the payment device, the payment authorization code carrying the payment information is sent to the payment device, so that the payment device can directly generate the safe payment authorization code according to the payment authorization code and the payment security code, and the complexity of generating the safe payment authorization code by the payment device is reduced while online payment is realized.
In one possible implementation, the payment method further includes: receiving a payment information request message, wherein the payment information request message is sent by payment equipment after receiving a payment request instruction; sending a response message to the payment equipment, wherein the response message carries the payment information; the secure payment authorization code is generated by the payment device in the TEE according to the payment information and the payment secure code in the TEE.
In the implementation mode, after the payment information request message sent by the payment equipment is received, the payment information is directly sent to the payment equipment, so that the payment equipment directly generates the safe payment authorization code according to the payment information and the payment safety code, and the safe payment authorization code can be flexibly generated according to the payment information while online payment is realized.
In one possible implementation manner, the secure payment authorization code is generated by the payment device in the TEE according to the payment information pre-stored in the payment device and the secure payment code in the TEE.
In the implementation mode, the secure payment authorization code is generated by the payment equipment according to the locally pre-stored payment information and the payment security code, and the off-line payment is realized while the secure payment authorization code is flexibly generated according to the payment information.
In a possible implementation manner, the secure payment authorization code is generated in the TEE according to the second payment authorization code and a secure payment code in the TEE after the payment device generates the second payment authorization code according to the payment information pre-stored in the payment device.
In the implementation manner, the secure payment authorization code is generated by the payment device according to the payment information pre-stored locally and then according to the payment authorization code and the payment security code, so that the payment device can continue to use the method for generating the payment authorization code in the prior art, the utilization rate of the method for generating the payment authorization code in the prior art is improved, and meanwhile, offline payment can be realized.
In one possible implementation, the verifying that the secure payment authorization code is legitimate according to the payment security code includes: generating a third payment authorization code according to the payment information locally stored by the payment server; calculating a hash value of the third payment authorization code and a payment security code locally stored by the payment server; determining that the secure payment authorization code matches the hash value to verify the legitimacy of the secure payment authorization code.
In a third aspect, the invention provides a payment device comprising means for performing the payment method of the first aspect.
In a fourth aspect, the invention provides a payment server for executing the modules of the payment method of the second aspect.
In a fifth aspect, the invention provides a payment device comprising a memory, a processor, and a transceiver. The memory is for storing a program, the processor is for executing the program, and the transceiver is for communicating with a payment server. When the program is executed, the processor performs the method of the first aspect.
In a sixth aspect, the invention provides a payment server comprising a memory for storing a program, a processor for executing the program, and a transceiver for communicating with a payment device. When the program is executed, the processor performs the method of the second aspect.
In a seventh aspect, the invention provides a payment system comprising a payment device as described in the third aspect, and a payment server as described in the fourth aspect.
In an eighth aspect, the present invention provides a system chip, including an input interface, an output interface, at least one processor, and a memory, where the input interface, the output interface, the processor, and the memory are connected via a system bus, and the processor is configured to execute codes in the memory, and when the codes are executed, the processor implements the method in the first aspect.
In a ninth aspect, the present invention provides a system chip, which includes an input interface, an output interface, at least one processor, and a memory, where the input interface, the output interface, the processor, and the memory are connected via a system bus, and the processor is configured to execute codes in the memory. When the code is executed, the processor implements the method of the second aspect.
In a tenth aspect, the invention provides a computer readable medium storing program code for execution by a payment device, the program code comprising instructions for performing the aspects of the first aspect.
In an eleventh aspect, the invention provides a computer readable medium storing program code for execution by a payment server, the program code comprising instructions for performing the method of the second aspect.
In a twelfth aspect, the present invention provides a payment method, including: receiving an instruction to request payment; obtaining payment information used for generating a payment authorization code in the TEE; generating a payment authorization code in the TEE according to the payment information; displaying the payment authorization code in the TEE, so that the payment server can obtain the payment authorization code and pay according to the payment authorization code.
According to the technical scheme of the embodiment of the invention, as the payment information used for generating the payment authorization code is in the TEE, the payment information can be prevented from being stolen by malicious software, the malicious software is prevented from imitating the payment application to generate the payment authorization code, and in addition, the payment authorization code is displayed in the TEE, so that the payment safety can be finally improved.
In a thirteenth aspect, there is provided a payment device comprising modules for performing the payment method of the twelfth aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow diagram of a payment method of an embodiment of the present invention.
Fig. 2 is a schematic flow diagram of a payment method of an embodiment of the invention.
Fig. 3 is a schematic configuration diagram of a payment apparatus of an embodiment of the present invention.
Fig. 4 is a schematic configuration diagram of a payment apparatus of an embodiment of the present invention.
Fig. 5 is a schematic configuration diagram of a payment server of the embodiment of the present invention.
Fig. 6 is a schematic configuration diagram of a payment apparatus of an embodiment of the present invention.
Fig. 7 is a schematic configuration diagram of a payment server of the embodiment of the present invention.
Fig. 8 is a schematic configuration diagram of a system chip of the embodiment of the present invention.
Fig. 9 is a schematic configuration diagram of a system chip of the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow diagram of a payment method of an embodiment of the present invention. It should be understood that fig. 1 shows steps or operations of a payment method, but these steps or operations are merely examples, and other operations or variations of the respective operations in fig. 1 may also be performed by embodiments of the present invention. Moreover, the various steps in FIG. 1 may be performed in a different order presented than in FIG. 1, and it is possible that not all of the operations in FIG. 1 may be performed.
In the payment method of fig. 1, a user may input an instruction or the like to the payment device through a unit or a module of the payment device having an input function, and communication between the payment device and the payment server, and communication between the cash register device and the payment server may be performed through a mobile network or a fixed network. The payment device is used by the user who needs to make a payment and the scanning device and the cash register device are used by the payee. It should be understood that the cash register device may be divided into a plurality of physical devices to be deployed respectively according to functions, and the scanning device and the cash register device may also be deployed on the same physical device, such as a mobile phone.
The payment device should be operable in TEE and Rich Execution Environments (REE), such as the Android Environment. The TEE is based on trusted zone (TrustZone) technology, which is a running environment that co-exists with the REE on the payment device. The TEE corresponds to a Trusted Operating System (Trusted OS) on the payment device; the REE corresponds to a Rich Operating System (Rich OS) on the payment device, such as the Android System. Of course, the payment device may also run only the TEE environment and its corresponding Trusted OS.
Software and hardware resources which can be accessed by the TEE are separated from those which can be accessed by the Rich OS, and the TEE can be said to have an operation space of the TEE. TEE is higher security level than Rich OS. The TEE provides a secure execution environment for Trusted Applications (TAs), such as authorized secure software, while also protecting the resources and data confidentiality, integrity and access rights of the TAs. To ensure the trustworthiness of the TEE itself, the TEE is authenticated and isolated from the Rich OS during secure boot. In TEE, each TA is independent of each other and cannot access each other without authorization.
The TEE internally contains a Trusted User Interface (TUI). The TUI means that the hardware resources such as screen display and keyboard are completely controlled and accessed by the TEE and not by the software in Rich OS at the time of display of key information and input of key data (such as password) of a user. By virtue of the nature of the TUI, the TEE may provide protection in terms of user authentication, transaction confirmation, and transaction processing.
The TEE may communicate with the REE through a standard interface that allows a Client Application (CA) running in Rich OS to access TA services and data. And the standard interface has strong secret keys and cryptographic algorithms, so that the safety of communication between the TEEs can be ensured.
S102, the payment device sends a registration request to the payment server and initiates a registration process.
In the registration process, the user may input various parameters such as a registered payment account, a user name corresponding to the payment account, authentication information, an authentication password, and the like to the payment device, and then the payment device sends the parameters to the payment server. After receiving the parameters, the payment server may assign a unique user identifier, such as an Open Identity (OpenID), to the user according to the parameters. If the payment device sends the device number to the payment server, the payment server may also allocate a unique user identifier to the user according to the device number, for example, encrypt all or part of the information of the device number, thereby obtaining the user identifier of the user.
In the registration process, the payment server may also allocate a payment security code to the user, where the payment security code may be generated according to a device number of the payment device or a user identifier (e.g., OpenID) of the user, for example, directly use the device number as the payment security code, intercept part of information of the device number as the payment security code, encrypt all or part of information of the device number, intercept part of information of the user identifier (e.g., OpenID) as the payment authorization code, or encrypt all or part of information of the user identifier (e.g., OpenID) to obtain the payment security code. Of course, other information may be used as the payment security code, and the invention is not limited in this regard.
After the registration is completed, the payment server may send the relevant information of the payment account of the user to the payment device, and may also send a payment security code generated for the payment device to the payment device. Of course, the payment server also records the payment security code and records the corresponding relationship between the payment security code and the payment account.
The payment equipment should receive the payment security code sent by the payment server in the TEE and store the payment security code in the TEE to prevent malicious stealing and use, so that the security of the payment security code is improved.
The generation of the payment security code may also be accomplished by the payment device. For example, the payment device may generate a payment security code during or after the registration is completed, and report the payment security code to the payment server, so that the payment server knows that the payment account of the user corresponds to the payment security code.
The payment device may generate the payment security code by using the method for generating the payment security code by using the payment server, or generate the payment security code by using other methods, which is not described herein for brevity. Of course, the payment security code may also be generated by other manners or other devices, and the obtained payment device is sent to the payment server, or the obtained payment server is sent to the payment device.
If the payment server generates the payment security code, the payment server may regenerate the payment security code periodically or according to other requirements, and send the payment security code to the payment device, so as to update the payment security code stored on the payment device.
If the payment security code is generated by the payment device, the payment device may regenerate the payment security code periodically or according to other requirements, and send the payment security code to the payment server to update the payment security code stored on the payment server.
After the registration is completed, the payment information or the payment security code of the payment account of the user can be updated as required. After the payment information and the payment security code of the payment account of the user are obtained, the payment equipment is ready for payment of the user.
The payment security code in the embodiment of the present invention may be a Token (Token) of a security channel established between the payment system server and the payment device, that is, Token information used in an interaction between the TEE in the payment device and the payment system server may be used as the payment security code.
And S104, the payment device receives a payment request input by the user.
The user may input the request to the payment device in a number of ways, such as by voice or by clicking a button on an input module of the payment device. The present invention is not limited to the manner in which the user inputs the request. The payment device may receive the request instruction in the REE (i.e., the user enters the request on the user interface in the REE) or may receive the request instruction in the TEE (i.e., the user enters the request on the TUI in the TEE).
S106, after the payment device receives the payment request, the payment device can send a request message of the payment authorization code to the payment server. The request message may carry information such as a user identifier (e.g., OpenID) of the user, so that the payment server generates a payment authorization code for the user.
S108, after receiving the payment authorization code request message sent by the payment device, the payment server may generate a payment authorization code according to a plurality of payment information, such as a user identifier of the user, a payment method of the user, payment time, a timestamp, and a random number generator, where the payment authorization code may carry the payment information, such as the user identifier, the payment method, and the payment time. In the embodiment of the present invention, the information used for generating the payment authorization code and the information carried by the payment authorization code may be referred to as payment information, and the payment information may include one or more information such as a user identifier of the user, a payment method of the user, payment time, and a timestamp. Of course, the payment information may also include other information that may be related to payment, and embodiments of the present invention are not limited thereto. The method of the payment server generating the payment authorization code may refer to the methods in the prior art.
S110, the payment server sends the payment authorization code generated by the payment server to the payment device. The payment authorization code may be stored in the TEE or the REE by the payment device after the payment device receives the payment authorization code.
S112, after the payment device receives the payment authorization code sent by the payment server, the payment security code in the TEE can be obtained, then the secure payment authorization code is generated in the TEE according to the payment security code and the payment authorization code, and the secure payment authorization code is displayed in the TEE.
It should be noted that the present invention does not limit the order of the payment device obtaining the payment security code and the payment authorization code from the payment server. The payment security code may have been previously obtained by the payment device from a payment server or other device, or may have been generated by the payment device itself.
The reason why the payment device generates the code according to the payment security code and the payment authorization code received from the payment server is called a secure payment authorization code is that the secure payment authorization code includes the payment security code compared with the payment authorization code generated by the payment server, and the payment security code is stored in the TEE, so that the secure payment authorization code can be verified to be originated from the TEE according to the payment security code, that is, the secure payment authorization code is secure and reliable and is legal.
The payment security code is used for verifying whether the payment authorization code is from the TEE, so the payment security code is not limited to the generation manner, and can be called as the payment security code as long as the information is acquired from the TEE of the payment device and the corresponding relationship between the information and the payment account of the user is reported to the payment server, and the payment security code can be generated according to the information.
When the payment device generates the secure payment authorization code according to the payment authorization code and the payment security code, one implementation manner may be to calculate a hash value of the payment authorization code and the payment security code, and use the hash value as the secure payment authorization code. Of course, the secure payment authorization code may also be generated in other manners, such as directly encrypting the payment authorization code and the payment security code by using an encryption algorithm, for example, directly calculating a hash value of the payment information and the payment security code, and using the hash value as the secure payment authorization code.
The payment device may display the secure payment authorization code in a variety of ways, such as by way of a one-dimensional code, a two-dimensional code, a barcode, a number, and the like.
S114, the payee or cashier may scan the secure payment authorization code displayed in the TEE of the user' S payment device through the scanning device. The scanning device may be a dedicated scanning device, such as an infrared scanning device, or may be a scanning device integrally disposed on another device (such as a mobile phone).
And S116, after the scanning device obtains the secure payment authorization code on the payment device, the secure payment authorization code can be sent to the cash register device. It should be noted that the scanning device and the payment receiving device may be the same device, and in this case, the device may directly obtain the secure payment authorization code after scanning the secure payment authorization code.
And S118, after the cash register device obtains the secure payment authorization code, sending a cash register request message to the payment server according to the secure payment authorization code, wherein the cash register request message carries the secure payment authorization code. Of course, the cash register request message may also carry other information, such as account information of the payee, and the like, which is not limited in the present invention.
S120, after receiving the cash register request message sent by the cash register device, the payment server acquires the secure payment authorization code from the request message, and then can verify the legality of the secure payment authorization code and pay in multiple ways.
The legality of the secure payment authorization code refers to whether the source of the secure payment authorization code is legal or not, and the source of the secure payment authorization code is legal through the payment security code, namely, the secure payment authorization code is from a legal TEE environment, but not a payment security code which is obtained illegally, such as forged by malicious application, non-screenshot obtaining and the like.
When the secure payment authorization code acquired by the payment server from the cash register device is the hash value of the payment authorization code and the payment security code calculated by the payment device, the method for the payment server to verify the validity of the secure payment authorization code comprises the following steps: and matching the secure payment authorization code generated by the payment equipment with the hash value of the payment authorization code and the payment security code locally calculated by the payment server to judge whether the secure payment authorization code generated by the payment equipment is legal or not. If the hash value calculated by the payment server can be matched with the hash value calculated by the payment device, it indicates that the secure payment authorization code acquired by the payment server from the cash register device is legal. The payment security code according to which the payment server calculates the hash value may be stored in the payment server in advance. The payment authorization code according to which the payment server calculates the hash value may be generated by the payment server from locally stored payment information used to generate the payment authorization code. Of course, the payment server may also directly calculate the hash value of the payment information and the payment security code for comparison with the hash value generated by the payment device.
Of course, the payment security code and the payment information of the user may also be obtained from the secure payment authorization code, and the payment information may include one or more information such as a user identifier of the user, a payment method of the user, a payment time, a timestamp, and the like. Of course, the payment information may also include other information that may be related to payment, and embodiments of the present invention are not limited thereto.
When the payment server obtains the payment information of the user from the secure payment money receiving code, the payment authorization code carrying the payment information can be obtained from the secure payment authorization code, and then the payment information of the user can be obtained from the payment authorization code. Of course, the payment server may also obtain the payment information of the user directly from the secure payment authorization code.
And after the payment server acquires the payment security code, verifying the safety and the reliability of the safe payment authorization code according to the payment security code. There are various ways of implementing the security and reliability of the payment server verifying the secure payment authorization code according to the payment security code, and for the sake of brevity, one of these ways is taken as an exemplary description below.
For example, the payment server may determine whether the corresponding relationship between the payment security code and the payment account of the user is stored locally, so as to determine the security and reliability of the secure payment authorization code. If the corresponding relation between the payment security code and the payment account of the user is recorded on the payment server, the safe payment authorization code is safe and reliable, otherwise, the safe payment authorization code is unsafe. The corresponding relationship between the payment security code and the payment account may be embodied by a corresponding relationship between the payment security code and a user identifier of the user, a payment device of the user, or other information, which is not limited in the present invention.
And after the payment server acquires the payment information of the user, verifying the legality of the payment information. If the payment information includes the payment time, it may be verified whether the time when the payment server receives the secure payment authorization code has exceeded the valid time of the secure payment authorization code.
When the payment system verifies that the secure payment authorization code is legal, payment can be carried out according to other payment information, so that the payment security is improved. One exemplary operation of payment may be deducting a payment amount from the payment account based on the identification information of the payment account.
And S122, after completing payment according to the secure payment authorization code, the payment server can send a notification message to any one or all of the payment device and the cash register device so as to notify the payment device or the cash register device that the payment is successful. At this time, the payment server may simultaneously transmit the notification message to the payment device and the cash register device, or may separately transmit the notification message to the payment device and the cash register device.
Of course, when the payment server verifies that the secure payment authorization code is not legitimate according to the payment security code, a notification message of verification failure may also be sent to the payment device or the cash register device; when the payment server verifies that the carried payment message is illegal, notification messages can be sent to the payment device and the cash register device, so that the payment device and the cash register device can perform subsequent operations, such as regenerating a safe payment authorization code by the payment device, giving up cash by the cash register device, and the like.
In the embodiment of the present invention, optionally, in S106, after receiving the request instruction of the payment authorization code, the payment device may send a request message for generating the payment information of the payment authorization code of the user to the payment server. Accordingly, in S108, after receiving the request message, the payment server determines the payment information for generating the payment authorization code of the user. In S110, the payment server directly sends the payment information to the payment device, and the payment device may store the received payment information in the TEE or the REE. In S112, after the payment device receives the payment information, a secure payment authorization code may be directly generated according to the payment information and the payment security code, so as to improve the efficiency of generating the secure payment authorization code; the method in the prior art can also be used for generating the payment authorization code according to the payment information firstly, and then generating the safe payment authorization code according to the payment authorization code and the payment security code, so that the complexity of generating the safe payment authorization code is reduced.
For example, a hash value of the payment authorization code and the payment security code is calculated and used as the secure payment authorization code. Correspondingly, after the payment server obtains the secure payment authorization code, the secure payment authorization code is compared with the hash value calculated locally by the payment server. And if the secure payment authorization code is matched with the hash value calculated by the payment server, the secure payment authorization code is legal. The payment authorization code according to which the payment server locally calculates the hash value may be generated by the payment server according to locally stored payment information; the payment security code upon which the payment server locally calculates the hash value may be pre-stored in the payment server.
The payment method of the payment device for making payment in an online manner according to the embodiment of the present invention is described above with reference to fig. 1, and the payment method of the payment device for making payment in an offline manner according to the embodiment of the present invention is described below with reference to fig. 2. The same reference numerals in fig. 2 as in fig. 1 denote the same or similar meanings, and are not described herein again for brevity.
In the payment method shown in fig. 2, during the registration process initiated by the user to the payment server through the payment device or after the registration is completed, the payment server may send payment information used for the payment device to generate the payment authorization code to the payment device, and the payment device may store the payment information in the TEE or the REE.
S105, the payment device receives the payment request instruction, and generates a payment authorization code according to payment information (such as user identification of the user, payment mode of the user, payment time, timestamp, random number generator and the like) which is stored on the payment device and used for generating the payment authorization code; then generating a safe payment authorization code in the TEE according to the payment authorization code and a payment security code stored in the TEE of the payment device; finally, the secure payment authorization code is displayed in the TEE.
The information, which is stored by the payment device before receiving the request instruction of the user and used for generating the payment authorization code, may be acquired from the payment server during the process of registering with the payment server by the user using the payment device, or acquired from the payment server after the registration is completed, or acquired from other devices.
In the embodiment of the present invention, when the payment device generates the secure payment authorization code according to the information for generating the payment authorization code and the payment security code, the payment authorization code may be generated according to the information for generating the payment authorization code (the specific generation manner may refer to the prior art, or may use other manners), and then the secure payment authorization code is generated according to the payment authorization code and the payment security code. In this way, the method for generating the payment authorization code in the prior art can be used, the efficiency of generating the secure payment authorization code is improved, and the complexity of generating the secure payment authorization code is reduced.
Of course, the secure payment authorization code may also be directly generated according to the payment information and the payment security code used for generating the payment authorization code on the payment device, or a certain payment authorization code is generated first according to part of information in the information used for generating the payment authorization code, and then the secure payment authorization code is generated according to the payment authorization code and the payment security code.
When the payment device generates the secure payment authorization code according to the payment authorization code and the payment security code, one implementation manner may be to calculate a hash value of the payment authorization code and the payment security code, and use the hash value as the secure payment authorization code. Of course, the secure payment authorization code may be generated by other manners, such as directly encrypting the payment authorization code and the payment security code by using an encryption algorithm.
After the payment device generates the secure payment authorization code, the subsequent payment process is the same as or similar to the relevant steps in the payment method in fig. 1, and is not described herein again for brevity.
In summary, the secure payment authorization code generated by the payment device may be generated by the payment device in the TEE according to the payment authorization code and the payment security code pre-stored locally, or may be generated by the payment device in the TEE according to the payment information and the payment security code pre-stored locally. When the payment device generates a secure payment authorization code according to the payment authorization code and a payment security code pre-stored in the local, the payment authorization code may be obtained by the payment device from the payment server after receiving an instruction for requesting payment from the user, or may be locally generated by the payment device according to the payment information of the user.
Whether the payment device locally generates the payment authorization code according to the payment information and then generates the secure payment authorization code according to the payment security code, or the payment device directly generates the secure payment authorization code according to the payment information and the payment security code, the payment information can be obtained and stored from the payment server before the payment device receives the payment request of the user, or can be obtained from the payment server after the payment device receives the payment request of the user. The payment information may be stored in the TEE of the payment device or in the REE of the payment device, but the payment security code needs to be stored in the TEE.
Another payment method for improving payment security in the embodiment of the invention is as follows: the payment device receives an instruction for requesting payment; obtaining payment information used for generating a payment authorization code in the TEE; generating a payment authorization code in the TEE according to the payment information; displaying the payment authorization code in the TEE.
In the embodiment of the present invention, the implementation method that the payment device generates the payment authorization code according to the payment information in the TEE, and the payment flow after the payment server obtains the payment authorization code are the same as or similar to those in the prior art, and are not described here again.
Optionally, in the payment method shown in fig. 1 and fig. 2, all parameters (all seeds or factors) for generating the payment authorization code may be stored in the TEE environment, that is, a payment TA is deployed in the TEE, and the payment method is implemented in the TEE through the TA, so that the security of the whole payment process can be further improved.
The payment method of the present invention is described above with reference to fig. 1 and 2, and the payment apparatus and the payment server implementing the payment method of the present invention are described below with reference to fig. 3 to 8.
Fig. 3 is a schematic block diagram of a payment device 300 according to one embodiment of the present invention. The payment device 300 shown in fig. 3 is capable of implementing the steps performed by the payment device in fig. 1 and fig. 2, and in order to avoid repetition, the details are not repeated here.
An input module 310 is used for receiving an instruction for requesting payment.
An obtaining module 320, configured to obtain a payment security code in the TEE.
A generating module 330, configured to generate, in the TEE, a secure payment authorization code according to the payment security code, where the payment security code is used for the payment server to verify validity of the secure payment authorization code.
An output module 340, configured to display the secure payment authorization code in the TUI of the TEE, so that the payment server obtains the secure payment authorization code and performs payment according to the secure payment authorization code.
According to the payment device, the generated payment authorization code comprises the security code in the TEE, so that the payment authorization code is generated in the TEE, namely the payment authorization code is legal, and after the payment server obtains the payment authorization code, the payment authorization code is determined to be from a secure environment and be credible by judging that the security code is contained in the payment authorization code, then payment is carried out, so that payment can be avoided by imitating the payment authorization code generated by legal software according to malicious software, and finally the payment security is provided. On the other hand, because the payment authorization code is presented in the TEE of the payment device, and the payment device under the TEE has the screen capture prevention function, malicious software can be prevented from stealing the payment authorization code generated in the TEE of the payment device through screen capture and other modes, malicious software can be prevented from triggering the payment device to generate and steal the payment authorization code, and finally the payment security is improved.
Optionally, as an embodiment, the obtaining module is further configured to obtain payment information, where the payment information includes at least one of identification information of a payment account, a payment type, a payment method, a payment time, a timestamp, and a random number generator, and the payment security code is generated based on a device number of a payment device or the identification information; the generating module 330 is specifically configured to: generating the secure payment authorization code in the TEE according to the payment security code and payment information.
Optionally, as an embodiment, the obtaining module 320 is specifically configured to: sending a request message of the payment information to a payment server; and receiving a response message sent by a payment server, wherein the response message comprises the payment information.
Optionally, as an embodiment, the obtaining module is specifically configured to: sending a request message of a payment authorization code to a payment server; receiving a response message sent by a payment server, wherein the response message comprises a payment authorization code, and the payment authorization code carries the payment information. The generating module 330 is specifically configured to generate the secure payment authorization code in the TEE according to the payment security code and the payment authorization code.
Optionally, as an embodiment, the payment information is pre-stored in the TEE before receiving the instruction.
Optionally, as an embodiment, the generating module is specifically configured to: generating a payment authorization code according to the payment information; generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
Optionally, as an embodiment, the generating module is specifically configured to: calculating a hash value of the payment security code and the payment authorization code, wherein the hash value is the secure payment authorization code.
Optionally, as an embodiment, the output module is specifically configured to: and displaying the secure payment authorization code in the TEE in a two-dimensional code or bar code mode.
Fig. 4 is a schematic block diagram of a payment device 400 in one embodiment of the invention. Payment device 400 includes components such as processing unit 410, input unit 420, output unit 430, storage unit 440, communication unit 450, and power supply 460, which communicate via one or more buses.
Those skilled in the art will appreciate that the configuration of the payment device shown in fig. 4 is not intended to be limiting, and may be a bus configuration, a star configuration, a combination of more or fewer components than those shown in fig. 4, or a different arrangement of components. In the embodiment of the present invention, the payment device 400 may be any mobile or portable payment device, including but not limited to a mobile phone, a mobile computer, a tablet computer, a Personal Digital Assistant (PDA), a media player, a smart television, a combination of two or more of the above, and the like.
The processing unit 410 is a control center of the payment device, connects various parts of the entire payment device using various interfaces and lines, and performs various functions of the payment device and/or processes data by operating or executing software programs and/or modules stored in the storage unit and calling data stored in the storage unit. The processing unit 410 may be composed of an Integrated Circuit (IC), for example, a single packaged IC, or a plurality of packaged ICs with the same or different functions connected. For example, the Processing Unit 410 may include only a Central Processing Unit (CPU), or may be a combination of a GPU, a Digital Signal Processor (DSP), and a control chip (e.g., a baseband chip) in the communication Unit 450. In the embodiment of the present invention, the CPU may be a single operation core, or may include multiple operation cores.
The input unit 420 is used to enable user interaction with the payment device and/or input of information into the payment device. For example, the input unit 420 may receive numeric or character information input by a user to generate a signal input related to user setting or function control. In the embodiment of the present invention, the input unit 420 may be a touch panel, other human-computer interaction interfaces, such as physical input keys and a microphone, or other external information capturing devices, such as a camera. A touch panel, also referred to as a touch screen or touch screen, may collect an operation action on which a user touches or approaches. For example, the user uses any suitable object or accessory such as a finger, a stylus, etc. to operate on or near the touch panel, and drives the corresponding connection device according to a preset program. Alternatively, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects touch operation of a user, converts the detected touch operation into an electric signal and transmits the electric signal to the touch controller; the touch controller receives the electrical signal from the touch sensing device and converts it to touch point coordinates, which are then fed to the processing unit 410. The touch controller can also receive and execute commands sent by the processing unit 410. In addition, the touch panel may be implemented in various types, such as resistive, capacitive, Infrared (Infrared), and surface acoustic wave. In other embodiments of the present invention, the physical input keys used by the input unit may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like. An input unit in the form of a microphone may collect speech input by a user or the environment and convert it into commands executable by the processing unit in the form of electrical signals.
The input unit 420 may also be various sensing devices, such as hall devices, for detecting physical quantities of the payment device, such as force, moment, pressure, stress, position, displacement, speed, acceleration, angle, angular velocity, number of rotations, rotation speed, and time of change of working state, etc., and converting the physical quantities into electric quantities for detection and control. Other sensing devices may also include gravity sensors, three-axis accelerometers, gyroscopes, etc.
The output unit 430 includes, but is not limited to, an image output unit and a sound output unit. The image output unit is used for outputting characters, pictures and/or videos. The image output unit may include a Display panel, such as a Display panel configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), a Field Emission Display (FED), and the like. Alternatively, the image output unit may include a reflective display, such as an electrophoretic (electrophoretic) display, or a display using an Interferometric Modulation of Light (Interferometric Modulation). The image output unit may include a single display or a plurality of displays of different sizes. The touch panel used by the input unit 420 can also be used as the display panel of the output unit 430. For example, when the touch panel detects a gesture operation of touch or proximity thereon, the gesture operation is transmitted to the processing unit 410 to determine the type of the touch event, and then the processing unit 410 provides a corresponding visual output on the display panel according to the type of the touch event. Although in fig. 1, the input unit 420 and the output unit 430 are implemented as two independent components to implement the input and output functions of the payment device, in some embodiments, the touch panel may be integrated with the display panel to implement the input and output functions of the payment device. For example, the image output unit may display various Graphical User Interfaces (GUIs) as virtual control elements, including but not limited to windows, scroll shafts, icons, and scrapbooks, for a User to operate in a touch manner.
The image output unit may include a filter and an amplifier for filtering and amplifying the video output by the processing unit 410. The audio output unit includes a digital-to-analog converter for converting the audio signal output from the processing unit 410 from a digital format to an analog format.
The storage unit 440 may be used to store software programs and modules, and the processing unit 410 executes various functional applications of the payment device 400 and implements data processing by operating the software programs and modules stored in the storage unit 440. The storage unit 440 mainly includes a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, such as a sound playing program, an image playing program, and the like; the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the payment apparatus, and the like.
The application program includes any application installed on the payment device including, but not limited to, browser, email, instant messaging service, word processing, keyboard virtualization, Widget (Widget), encryption, digital rights management, voice recognition, voice replication, location (e.g., functions provided by the global positioning system), music playing, and the like.
Specifically, the Memory unit 440 may include a volatile Memory, such as a Nonvolatile dynamic Random Access Memory (NVRAM), a Phase Change Random Access Memory (PRAM), a Magnetoresistive Random Access Memory (MRAM), and the like, and a non-volatile Memory, such as at least one magnetic disk Memory device, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash Memory device, such as a NOR flash Memory (NOR flash Memory) or a NAND flash Memory (NAND flash Memory). The nonvolatile memory stores an operating system and an application program executed by the processing unit. The processing unit 410 loads operating programs and data from the non-volatile memory into memory and stores digital content in mass storage devices. The operating system includes various components and/or drivers for controlling and managing conventional system tasks, such as memory management, storage device control, power management, etc., as well as facilitating communication between various hardware and software components. Specifically, the operating system may be an Android system developed by Google, an iOS system developed by Apple, a Windows operating system developed by Microsoft, or the like, or an embedded operating system such as Vxworks.
The communication unit 150 is used to establish a communication channel through which the payment device is connected to a remote server and to download media data from the remote server. The communication unit 150 may include a Wireless Local Area Network (wlan) module, a bluetooth module, a baseband (Base Band) module, and other communication modules, and a Radio Frequency (RF) circuit corresponding to the communication module, and is configured to perform wlan communication, bluetooth communication, infrared communication, and/or cellular communication system communication, such as Wideband Code Division Multiple Access (W-CDMA) and/or High Speed Downlink Packet Access (HSDPA). The communication module is used for controlling communication of each component in the payment device and can support Direct Memory Access (Direct Memory Access).
The various communication modules in the communication unit 450 are typically in the form of Integrated Circuit chips (Integrated Circuit chips) and may be selectively combined without including all of the communication modules and corresponding antenna groups. For example, the communication unit 450 may include only a baseband chip, a radio frequency chip, and a corresponding antenna to provide a communication function in one cellular communication system. The payment device may be connected to a Cellular Network (Cellular Network) or the Internet (Internet) via a wireless communication connection established by the communication unit 450, such as a wireless local area Network access or a WCDMA access. In some alternative embodiments of the present invention, the communication module, e.g., the baseband module, in the communication unit may be integrated into a processor unit, typically an APQ + MDM family platform as provided by the Qualcomm corporation.
The radio frequency circuit is used for receiving and sending signals in the process of information transceiving or conversation. For example, after receiving the downlink information of the base station, the downlink information is processed by the processing unit 410; in addition, the data for designing uplink is transmitted to the base station. Typically, the radio frequency circuitry includes well-known circuitry for performing these functions, including but not limited to an antenna system, a radio frequency transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a Codec (Codec) chipset, a Subscriber Identity Module (SIM) card, memory, and so forth. In addition, the radio frequency circuitry may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division Multiple Access, CDMA), Wideband Code Division Multiple Access (WCDMA), High Speed Uplink Packet Access (HSUPA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
The power supply 460 is used to power the various components of the payment device to maintain its operation. As a general understanding, the power source 460 may be a built-in battery, such as a conventional lithium ion battery, nickel metal hydride battery, etc., or may include an external power source that directly powers the payment device 400, such as an AC adapter, etc. In some embodiments of the invention, the power source 460 may also be more broadly defined, and may include, for example, a power management system, a charging system, a power failure detection circuit, a power converter or inverter, a power status indicator (e.g., a light emitting diode), and any other components associated with the generation, management, and distribution of power to a payment device.
The payment device 400 of fig. 4 can perform the steps of the payment method in fig. 1 or fig. 2, and corresponds to the payment device 300 of fig. 3, for example, the input unit 420 can implement the same functions as the input module 310, the processing unit 410 can implement the same functions as the obtaining module 320 and the generating module 330, and the output unit 430 can implement the same functions as the output module 340, and for brevity, no further description is provided here.
Fig. 5 is a schematic configuration diagram of a payment server 500 according to an embodiment of the present invention. The payment server of fig. 5 is capable of implementing the steps performed by the payment server in fig. 1 and 2, and for brevity, will not be described here again.
A receiving module 510 for receiving a secure payment authorization code, the secure payment authorization code comprising a payment security code.
A verification module 520 for verifying the validity of the secure payment authorization code according to the payment security code.
A payment module 530 configured to make a payment according to the secure payment authorization code.
After receiving the secure payment authorization code, the payment server of the invention needs to verify the payment security code to determine whether the payment authorization code is from the TEE, i.e. whether the payment authorization code is secure or legal, and then performs payment, thereby improving the security of payment.
Optionally, as an embodiment, the secure payment authorization code further includes payment information, where the payment information includes at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, and a random number generator, and the payment security code is generated based on a device number of a payment device or the identification information; the payment server further comprises an acquisition module for acquiring the payment information in the secure payment authorization code; the payment module is specifically used for paying according to the payment information.
Optionally, as an embodiment, the obtaining module is specifically configured to: acquiring a first payment authorization code in the secure payment authorization codes; obtaining the payment information from the payment authorization code.
Optionally, as an embodiment, the receiving module 510 is further configured to receive a payment authorization code request message sent by a payment device. The payment server further comprises a sending module, configured to send a response message to the payment device, where the response message carries the first payment authorization code. The secure payment authorization code is generated by the payment device according to the first payment authorization code and the secure payment code in the TEE.
Optionally, as an embodiment, the receiving module 510 is further configured to receive a payment information request message sent by a payment device. The payment server further comprises a sending module, configured to send a response message to the payment device, where the response message carries the payment information. The secure payment authorization code is generated by the payment device in the TEE according to the payment information and the secure payment code in the TEE.
Optionally, as an embodiment, the secure payment authorization code is generated by the payment device in the TEE according to the payment information pre-stored in the payment device and a secure payment code in the TEE.
Optionally, as an embodiment, the secure payment authorization code is generated in the TEE according to a second payment authorization code and a secure payment code in the TEE after the payment device generates the second payment authorization code according to the payment information pre-stored in the payment device.
Optionally, as an embodiment, the verifying the validity of the secure payment authorization code according to the payment security code includes: generating a third payment authorization code according to the payment information locally stored by the payment server; calculating a hash value of the third payment authorization code and a payment security code locally stored by the payment server; determining that the secure payment authorization code matches the hash value to verify the legitimacy of the secure payment authorization code.
Fig. 6 is a schematic structural diagram of a payment apparatus 600 of an embodiment of the present invention. It should be understood that the payment device 600 of fig. 6 is capable of performing the various steps performed by the payment device of fig. 1 and 2, and in order to avoid repetition, will not be described in detail herein. Payment device 600 includes memory 610, processor 620, and transceiver 630.
And a memory 610 for storing programs.
A transceiver 630 for receiving an instruction requesting generation of a payment authorization code.
A processor 620 for executing programs in the memory 610, the processor 620 being configured, when the programs are executed, to: obtaining a payment security code in the TEE, wherein the payment security code is used for verifying the validity of a payment authorization code by a payment server; generating a secure payment authorization code in the TEE according to the payment security code.
The transceiver 630 is further configured to display the secure payment authorization code at the TUI of the TEE, so that a payment server obtains the secure payment authorization code and performs payment according to the secure payment authorization code.
According to the payment equipment, the generated payment authorization code contains the security code in the TEE, so that the payment authorization code is generated in the TEE, namely the payment authorization code is legal, after the payment server obtains the payment authorization code, the payment authorization code is determined to be from a secure environment and is credible by judging that the security code is contained in the payment authorization code, then payment is carried out according to the payment information, and therefore payment can be avoided according to the payment authorization code generated by malicious software imitating legal software, and finally the payment security is provided. On the other hand, because the payment authorization code is presented in the TEE of the payment device, and the payment device under the TEE has the screen capture prevention function, malicious software can be prevented from stealing the payment authorization code generated in the TEE of the payment device through screen capture and other modes, malicious software can be prevented from triggering the payment device to generate and steal the payment authorization code, and finally the payment security is improved.
Optionally, as an embodiment, the processor 620 is specifically configured to: the method comprises the steps of obtaining payment information, and generating a safe payment authorization code according to the payment safety code and the payment information, wherein the payment information comprises at least one of identification information, payment type, payment mode, payment time, timestamp and a random number generator of a payment account, and the payment safety code is generated based on the equipment number of payment equipment or the identification information.
Optionally, as an embodiment, the processor 620 is specifically configured to: sending a request message of the payment information to a payment server; and receiving a response message sent by a payment server, wherein the response message comprises the payment information.
Optionally, as an embodiment, the processor 620 is specifically configured to: sending a request message of a payment authorization code to a payment server; receiving a response message sent by a payment server, wherein the response message comprises a payment authorization code, and the payment authorization code carries the payment information; generating, in the TEE, the secure payment authorization code according to the payment security code and payment authorization code.
Optionally, as an embodiment, the memory 610 is specifically configured to store payment information in the TEE in advance before receiving the instruction.
Optionally, as an embodiment, the processor 620 is specifically configured to: generating a payment authorization code according to the payment information; generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
Optionally, as an embodiment, the processor 620 is specifically configured to: calculating a hash value of the payment security code and the payment authorization code, wherein the hash value is the secure payment authorization code.
Optionally, as an embodiment, the transceiver is specifically configured to: and displaying the secure payment authorization code in the TEE in a two-dimensional code or bar code mode.
Fig. 7 is a schematic configuration diagram of a payment server of the embodiment of the present invention. The payment server 700 of fig. 7 is capable of implementing the steps performed by the payment server in fig. 1 and 2, and therefore, for brevity, will not be described again here.
The memory 710 is used to store programs.
The transceiver 730 is used to receive a secure payment authorization code.
The processor 720 is configured to verify the validity of the secure payment authorization code based on the payment security code.
The processor 720 is further configured to make a payment in accordance with the secure payment authorization code.
After receiving the secure payment authorization code, the payment server of the invention needs to verify the payment security code to determine whether the payment authorization code is from the TEE, i.e. whether the payment authorization code is secure or legal, and then performs payment, thereby improving the security of payment.
Optionally, as an embodiment, the secure payment authorization code further includes payment information, where the payment information includes at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, and a random number generator, and the payment security code is generated based on a device number of a payment device or the identification information; the processor 720 is further configured to obtain the payment information in the secure payment authorization code, and perform payment according to the payment information.
Optionally, as an embodiment, the processor 720 is specifically configured to: acquiring a first payment authorization code in the secure payment authorization codes; obtaining the payment information from the first payment authorization code.
Optionally, as an embodiment, the transceiver 730 is further configured to receive a payment authorization code request message sent by a payment device, and send a response message to the payment device, where the response message carries the payment authorization code. The secure payment authorization code is generated by the payment device in the TEE according to the payment authorization code and the secure payment code in the TEE.
Optionally, as an embodiment, the transceiver 730 is further configured to receive a payment information request message sent by a payment device, and send a response message to the payment device, where the response message carries the payment information. The secure payment authorization code is generated by the payment device in the TEE according to the payment information and the secure payment code in the TEE.
Optionally, as an embodiment, the secure payment authorization code is generated by the payment device in the TEE according to the payment information pre-stored in the payment device and a secure payment code in the TEE.
Optionally, as an embodiment, the secure payment authorization code is generated according to a secure payment code in the TEE and a second payment authorization code generated by the payment device according to the payment information pre-stored in the payment device.
Optionally, as an embodiment, the processor 720 is specifically configured to generate a third payment authorization code according to the payment information locally stored by the payment server; calculating a hash value of the third payment authorization code and a payment security code locally stored by the payment server; determining that the secure payment authorization code matches the hash value to verify the legitimacy of the secure payment authorization code.
Fig. 8 is a schematic configuration diagram of a system chip of the embodiment of the present invention. The soc 800 of fig. 8 includes an input interface 810, an output interface 820, at least one processor 830, and a memory 840, the input interface 810, the output interface 820, the processor 830, and the memory 840 are connected via a bus, the processor 830 is configured to execute codes in the memory 840, and when the codes are executed, the processor 830 implements the method performed by the payment device in fig. 1 and 2.
Fig. 9 is a schematic configuration diagram of a system chip of the embodiment of the present invention. The system chip 900 of fig. 9 includes an input interface 910, an output interface 920, at least one processor 930, and a memory 940, the input interface 910, the output interface 920, the processor 930, and the memory 940 are connected via a bus, the processor 930 is configured to execute codes in the memory 940, and when the codes are executed, the processor 930 implements the method executed by the payment server in fig. 1 and 2.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (32)

1. A payment method, comprising:
receiving an instruction to request payment;
acquiring a payment security code in a Trusted Execution Environment (TEE);
generating, in the TEE, a secure payment authorization code according to the payment security code, the payment security code being for a payment server to verify validity of the secure payment authorization code, wherein the payment server determines whether the secure payment authorization code is derived from the TEE by verifying the payment security code;
displaying the secure payment authorization code on a trusted user interface TUI of the TEE, so that the payment server can obtain the secure payment authorization code and pay according to the secure payment authorization code.
2. The payment method of claim 1, further comprising obtaining payment information, the payment information comprising at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, random number generator;
wherein the payment security code is generated based on a device number of a payment device or the identification information;
generating, in the TEE, a secure payment authorization code according to the payment security code, including:
generating, in the TEE, the secure payment authorization code according to the payment security code and payment information.
3. The payment method of claim 2, wherein the obtaining the payment information comprises:
sending a request message of the payment information to a payment server;
and receiving a response message sent by a payment server, wherein the response message comprises the payment information.
4. The payment method of claim 2, wherein the obtaining the payment information comprises:
sending a request message of a payment authorization code to a payment server;
receiving a response message sent by a payment server, wherein the response message comprises a payment authorization code, and the payment authorization code carries the payment information;
wherein the generating a secure payment authorization code in the TEE according to the payment security code and payment information includes:
generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
5. A payment method as claimed in claim 2, wherein the payment information has been stored in a payment device prior to receiving the instruction.
6. The payment method of claim 5, wherein the generating, in the TEE, the secure payment authorization code from the payment security code and payment information comprises:
generating a payment authorization code according to the payment information;
generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
7. The payment method of claim 4 or 6, wherein the generating, in the TEE, the secure payment authorization code from the payment security code and the payment authorization code comprises:
calculating a hash value of the payment authorization code and the payment security code in the TEE, the hash value being the secure payment authorization code.
8. The payment method of any one of claims 1 to 6, wherein the displaying the secure payment authorization code in the TEE comprises:
and displaying the secure payment authorization code in the TEE in a two-dimensional code or bar code mode.
9. A payment method, comprising:
receiving a secure payment authorization code, the secure payment authorization code including a payment security code;
verifying the validity of the secure payment authorization code according to the payment security code;
making payment according to the secure payment authorization code;
wherein said verifying the validity of the secure payment authorization code in accordance with the payment security code comprises: determining whether the secure payment authorization code is derived from the TEE by verifying the payment security code.
10. A payment method as recited in claim 9, wherein the secure payment authorization code further includes payment information including at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, random number generator, the payment security code being generated based on a device number of a payment device or the identification information;
the payment method further comprises the following steps:
obtaining the payment information in the secure payment authorization code;
wherein said making payment according to said secure payment authorization code comprises:
and carrying out payment according to the payment information.
11. A payment method as recited in claim 10, wherein the obtaining payment information in the secure payment authorization code comprises:
acquiring a first payment authorization code in the secure payment authorization codes;
obtaining the payment information from the first payment authorization code.
12. A payment method as recited in claim 11, wherein the payment method further comprises:
receiving a payment authorization code request message, wherein the payment authorization code request message is sent by payment equipment after receiving a request instruction of a payment authorization code;
sending a response message to the payment device, wherein the response message carries the first payment authorization code;
the secure payment authorization code is generated by the payment device in a Trusted Execution Environment (TEE) according to the first payment authorization code and a payment security code in the TEE.
13. A payment method as recited in claim 10, wherein the payment method further comprises:
receiving a payment information request message, wherein the payment information request message is sent by payment equipment after receiving a request instruction of a payment authorization code;
sending a response message to the payment equipment, wherein the response message carries the payment information;
the secure payment authorization code is generated by the payment device in the TEE according to the payment information and the payment secure code in the TEE.
14. A payment method as claimed in claim 10, wherein the secure payment authorisation code is generated by the payment device in the TEE from the payment information pre-stored in the payment device and a secure payment code in the TEE.
15. The payment method according to claim 10, wherein the secure payment authorization code is generated in the TEE according to a second payment authorization code and a secure payment code in the TEE after the payment device generates the second payment authorization code according to the payment information pre-stored in the payment device.
16. A payment method as claimed in any one of claims 9 to 15, wherein the verifying the legitimacy of the secure payment authorisation code in dependence on the payment security code comprises:
generating a third payment authorization code according to the payment information locally stored by the payment server;
calculating a hash value of the third payment authorization code and a payment security code locally stored by the payment server;
determining that the secure payment authorization code matches the hash value to verify the legitimacy of the secure payment authorization code.
17. A payment device, comprising:
the input module is used for receiving an instruction for requesting payment;
the acquisition module is used for acquiring a payment security code in the trusted execution environment TEE;
a generating module, configured to generate, in the TEE, a secure payment authorization code according to the payment security code, where the payment security code is used for a payment server to verify validity of the secure payment authorization code, and the payment server determines, by verifying the payment security code, whether the secure payment authorization code is from the TEE;
and the output module is used for displaying the safe payment authorization code through a trusted user interface TUI of the TEE, so that the payment server can conveniently acquire the safe payment authorization code and carry out payment according to the safe payment authorization code.
18. The payment device of claim 17, wherein the obtaining module is further configured to obtain payment information, and the payment information includes at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, and random number generator;
the generation module is specifically configured to: generating, in the TEE, the secure payment authorization code from the payment security code and the payment information, the payment security code generated based on a device number of a payment device or the identification information.
19. The payment device of claim 18, wherein the acquisition module is specifically configured to:
sending a request message of the payment information to a payment server;
and receiving a response message sent by a payment server, wherein the response message comprises the payment information.
20. The payment device of claim 18, wherein the acquisition module is specifically configured to:
sending a request message of a payment authorization code to a payment server;
receiving a response message sent by a payment server, wherein the response message comprises a payment authorization code, and the payment authorization code carries the payment information;
wherein the generation module is specifically configured to: generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
21. The payment device of claim 18, wherein the payment information has been stored in the payment device prior to receiving the instruction.
22. Payment apparatus as claimed in claim 21, wherein the generation module is specifically configured to:
generating a payment authorization code according to the payment information;
generating, in the TEE, the secure payment authorization code according to the payment security code and the payment authorization code.
23. Payment apparatus as claimed in claim 20 or 22, wherein the generation module is specifically configured to:
calculating a hash value of the payment security code and the payment authorization code in the TEE, the hash value being the secure payment authorization code.
24. Payment apparatus according to any one of claims 17 to 22, wherein the output module is specifically configured to:
and displaying the secure payment authorization code in the TEE in a two-dimensional code or bar code mode.
25. A payment server, comprising:
a receiving module for receiving a secure payment authorization code, the secure payment authorization code including a payment security code;
a verification module for verifying the validity of the secure payment authorization code according to the payment security code;
the payment module is used for paying according to the safe payment authorization code;
wherein said verifying the validity of the secure payment authorization code in accordance with the payment security code comprises: determining whether the secure payment authorization code is derived from a TEE by verifying the payment security code.
26. The payment server of claim 25, wherein the secure payment authorization code further comprises payment information including at least one of identification information of a payment account, payment type, payment method, payment time, timestamp, random number generator, the payment security code being generated based on a device number of a payment device or the identification information;
the payment server further comprises an acquisition module for acquiring the payment information in the secure payment authorization code;
the payment module is specifically used for paying according to the payment information.
27. The payment server of claim 26, wherein the obtaining module is specifically configured to:
acquiring a first payment authorization code in the secure payment authorization codes;
obtaining the payment information from the first payment authorization code.
28. The payment server according to claim 27, wherein the receiving module is further configured to receive a payment authorization code request message sent by a payment device;
the payment server further comprises a sending module, configured to send a response message to the payment device, where the response message carries the first payment authorization code;
the secure payment authorization code is generated by the payment device in a Trusted Execution Environment (TEE) according to the first payment authorization code and a secure payment code in the TEE.
29. The payment server of claim 26, wherein the receiving module is further configured to receive a payment information request message sent by a payment device;
the payment server further comprises a sending module, configured to send a response message to the payment device, where the response message carries the payment information;
and the safe payment authorization code is generated by the payment equipment according to the payment information and the safe payment code in the TEE.
30. The payment server of claim 26, wherein the secure payment authorization code is generated by a payment device in a TEE according to the payment information pre-stored in the payment device and a secure payment code in the TEE.
31. The payment server according to claim 26, wherein the secure payment authorization code is generated in the TEE according to a secure payment code in the TEE and a second payment authorization code generated by the payment device according to the payment information pre-stored in the payment device.
32. Payment server according to any one of claims 25 to 31, wherein the verification module is specifically configured to:
generating a third payment authorization code according to the payment information locally stored by the payment server;
calculating a hash value of the third payment authorization code and a payment security code locally stored by the payment server;
determining that the secure payment authorization code matches the hash value to verify the legitimacy of the secure payment authorization code.
CN201610389773.2A 2016-06-01 2016-06-01 Payment method, payment device and payment server Active CN107451813B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610389773.2A CN107451813B (en) 2016-06-01 2016-06-01 Payment method, payment device and payment server
PCT/CN2017/086317 WO2017206833A1 (en) 2016-06-01 2017-05-27 Payment method, payment apparatus, and payment server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610389773.2A CN107451813B (en) 2016-06-01 2016-06-01 Payment method, payment device and payment server

Publications (2)

Publication Number Publication Date
CN107451813A CN107451813A (en) 2017-12-08
CN107451813B true CN107451813B (en) 2021-05-18

Family

ID=60478563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610389773.2A Active CN107451813B (en) 2016-06-01 2016-06-01 Payment method, payment device and payment server

Country Status (2)

Country Link
CN (1) CN107451813B (en)
WO (1) WO2017206833A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108197913B (en) * 2017-12-18 2021-01-05 深圳前海微众银行股份有限公司 Payment method, system and computer readable storage medium based on block chain
CN109544828A (en) * 2018-12-04 2019-03-29 苏州斯普锐智能系统有限公司 Sales counter cash register system based on wireless bar code scanning platform and mobile intelligent terminal
CN111383015B (en) * 2018-12-29 2023-11-03 华为技术有限公司 Transaction security processing method and device and terminal equipment
CN110677261B (en) * 2019-09-29 2023-05-12 四川虹微技术有限公司 Trusted two-dimensional code generation method and device, electronic equipment and storage medium
CN111815318A (en) * 2020-06-17 2020-10-23 衡水海博云科技有限公司 Equipment, system and method for aggregated payment
CN111915311B (en) * 2020-08-03 2022-07-01 支付宝(杭州)信息技术有限公司 Payment checking method and system
CN112365256B (en) * 2020-11-06 2024-06-14 中国银联股份有限公司 Payment code management method, terminal equipment, server, system and storage medium
CN112488681A (en) * 2020-12-11 2021-03-12 广东广宇科技发展有限公司 Block chain-based authorization code payment method, system, terminal and storage medium
US11995643B2 (en) * 2022-05-10 2024-05-28 Capital One Services, Llc System and method for providing a temporary virtual payment card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573547A (en) * 2014-10-21 2015-04-29 江苏通付盾信息科技有限公司 Information interaction safety protection system and operation realization method thereof
CN104636917A (en) * 2015-02-03 2015-05-20 武汉天喻信息产业股份有限公司 Mobile payment system and method with secure payment function
CN104732388A (en) * 2015-03-26 2015-06-24 深圳市亚略特生物识别科技有限公司 Electronic payment method and system
CN105528554A (en) * 2015-11-30 2016-04-27 华为技术有限公司 User interface switching method and terminal

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101377838A (en) * 2007-08-30 2009-03-04 北京方维银通科技有限公司 Data safety processing method
CN102257540A (en) * 2008-12-19 2011-11-23 Nxp股份有限公司 Enhanced smart card usage
CA2832359C (en) * 2011-04-05 2018-05-08 Richard Stanley SMYTHE Financial transaction systems and methods
CN104143066A (en) * 2013-05-10 2014-11-12 中国银联股份有限公司 Security information exchanging device
CN103366269A (en) * 2013-07-05 2013-10-23 李卓桓 Fast payment method, equipment and system
CN104301289B (en) * 2013-07-17 2018-09-04 中国银联股份有限公司 Equipment for safety information interaction
US20150084785A1 (en) * 2013-09-20 2015-03-26 Mastercard International Incorporated Wireless utility meter reading system and method
CN103634294B (en) * 2013-10-31 2017-02-08 小米科技有限责任公司 Information verifying method and device
CN103679440B (en) * 2013-12-14 2017-01-11 福建省优艾迪网络信息有限公司 Financial receipt and payment method with two-dimension code being used as carrier
TWI611358B (en) * 2014-08-20 2018-01-11 全宏科技股份有限公司 Transaction device, transaction system using the same and transaction method using the same
CN104363199B (en) * 2014-09-30 2017-10-27 熊文俊 Safety certifying method and time synchronous code module based on time synchronized code
CN104376462A (en) * 2014-11-19 2015-02-25 中城智慧科技有限公司 Safe code scanning payment method
CN104850988B (en) * 2015-05-08 2018-07-17 邹骁 A kind of mobile-payment system, method and relevant device
CN104835040A (en) * 2015-05-26 2015-08-12 浙江维尔科技股份有限公司 Payment method and system
CN105069921A (en) * 2015-07-30 2015-11-18 北京京东尚科信息技术有限公司 Data identification method, apparatus, and system for self-service delivery cabinet
CN105205660A (en) * 2015-08-28 2015-12-30 深圳市泰久信息系统股份有限公司 Two-dimensional code technology-based card-free payment method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573547A (en) * 2014-10-21 2015-04-29 江苏通付盾信息科技有限公司 Information interaction safety protection system and operation realization method thereof
CN104636917A (en) * 2015-02-03 2015-05-20 武汉天喻信息产业股份有限公司 Mobile payment system and method with secure payment function
CN104732388A (en) * 2015-03-26 2015-06-24 深圳市亚略特生物识别科技有限公司 Electronic payment method and system
CN105528554A (en) * 2015-11-30 2016-04-27 华为技术有限公司 User interface switching method and terminal

Also Published As

Publication number Publication date
CN107451813A (en) 2017-12-08
WO2017206833A1 (en) 2017-12-07

Similar Documents

Publication Publication Date Title
CN107451813B (en) Payment method, payment device and payment server
CN109472166B (en) Electronic signature method, device, equipment and medium
CN107222485B (en) Authorization method and related equipment
CN109600223B (en) Verification method, activation method, device, equipment and storage medium
US11488234B2 (en) Method, apparatus, and system for processing order information
US11410156B2 (en) NFC payment method and terminal
CN109033885B (en) Data response method, terminal equipment and server
CN104579668B (en) The verification method and cipher protection apparatus and verifying system of a kind of user identity
CN107483213B (en) Security authentication method, related device and system
CN107005619B (en) Method, corresponding device and system for registering mobile point of sale (POS)
KR20160042865A (en) System and method for initially establishing and periodically confirming trust in a software application
WO2017084288A1 (en) Method and device for verifying identity
US11038684B2 (en) User authentication using a companion device
WO2018129726A1 (en) Authorization credential migration method, terminal device and service server
CN104954126B (en) Sensitive operation verification method, device and system
CN106611310B (en) Data processing method, wearable electronic device and system
CN108200078B (en) Downloading and installing method of signature authentication tool and terminal equipment
CN107395610B (en) Communication authentication method, first terminal and second terminal
CN108335105B (en) Data processing method and related equipment
WO2017147890A1 (en) Verification code short message display method and mobile terminal
KR102616421B1 (en) Payment method using biometric authentication and electronic device thereof
CN110474864B (en) Method for registering and logging in mobile application program and electronic equipment
EP3764258B1 (en) Constructing common trusted application for a plurality of applications
CN106255102B (en) Terminal equipment identification method and related equipment
CN110795737A (en) Method and terminal equipment for upgrading service application range of electronic identity card

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant after: Huawei Device Co., Ltd.

Address before: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant before: HUAWEI terminal (Dongguan) Co., Ltd.

GR01 Patent grant
GR01 Patent grant